Splunk Search

Community Activity

How do I extract these lines from my sample multiline event without patterns into a single field? Hi, I'm trying to extract some lines from a multiline event, for example: 2016-05-17T19:40:37,022 INFO [00000033] ... by gutter New Member in Splunk Search 06-01-2016 0 2	0	2
Find a time average? I am trying to determine the mean or average time when a event occurs. I would like to find an average of the last c... by omgwut56k Path Finder in Splunk Search 06-01-2016 0 10	0	10
How can I set a specific drilldown on a line chart based on the value of a field? My issue is that I have a line chart that shows the CPU usage from both linux and windows servers. If the user click... by dandaily Explorer in Splunk Search 06-01-2016 0 4	0	4
How to return results from Search1 which are not present in Search2? I have two searches that will return common fields Event & UUID. I have to get the results from the first search whic... by cvreddy New Member in Splunk Search 06-01-2016 0 2	0	2
How to edit my search to check for a valid order of events against a lookup? Hi there, i have a series of events wich contain time and location information and want to check if they are in a v... by swe Path Finder in Splunk Search 06-01-2016 0 2	0	2
How to search the sum of bytes by IP? I am trying to find the total bytes usage by user/ip - I have in the index the various clientip and the bytes usage... by arkonner Path Finder in Splunk Search 06-01-2016 0 1	0	1
Extract field from a complex multi-lines event from log file Hi pros, I am new with Splunk and trying to analyze a complex log file from a financial application. I want to figure... by langlv Engager in Splunk Search 05-31-2016 0 3	0	3
How to match two values from a lookup table and a search I have a lookup table with a list of usernames that have logged in to a website last year in 2015, and I'm trying to ... by WyldeRhoads Engager in Splunk Search 05-31-2016 0 7	0	7
Consolidated search solution across AWS and an internal data center We are in the process of extending our solution out into AWS from an internal data center, and want to index all logs... by mellocello2003 New Member in Splunk Search 05-31-2016 0 1	0	1
single value chart (as a progress bar) Using the example search: testId=1 \| stats count(sessionIDs) that returns a single value, I'd like to present it i... by ra01 Path Finder in Splunk Search 05-31-2016 0 2	0	2
How to edit my search to detect a significant change in events frequency over a sliding window? Based on an event log we would like to find event type which frequency changed by 50% or more over a 5 min window. U... by pm771 Communicator in Splunk Search 05-31-2016 0 2	0	2
getting all the value's of the culum in a table in a variable Hi i'm trying to to make a custom dashboard. This is wat i got so far. The dashboard is in html it is an image of the... by yonick Engager in Splunk Search 05-31-2016 0 2	0	2
how to get Transactions per second based on average values for each instance How to get Transactions per second from the following table(table 1). I also have a table which gets me the per secon... by jkalra Explorer in Splunk Search 05-31-2016 0 11	0	11
space in field value Hello all, I need to know how i can erase space in field value. In security audit of windows system the username in ... by ambemou New Member in Splunk Search 05-31-2016 0 2	0	2
Comparing Multivalue fields by percentage I have customer names assigned to servers in multivalue fields. Sample data below: I need to be able to compare ... by david_rose Communicator in Splunk Search 05-31-2016 0 6	0	6
How to edit our search to output certain values based on a status field? Hi, We have a requirement to write a search: We have a status(up,down,disabled,enabled), 1.If status is up or enab... by splunker9999 Path Finder in Splunk Search 05-31-2016 0 2	0	2
calculate baseline for chart in different time range I am plotting timechart avg(secs) by city for timerangepicker time range. I want to add a baseline in this chart as a... by disha Contributor in Splunk Search 05-31-2016 0 3	0	3
How to change the _time text in the table? How to change the _time text in the table? How to change in _time of "2016-04-01" to "first week", for example. ... by renanprado96 Path Finder in Splunk Search 05-31-2016 1 5	1	5
eventstats function issue Hi, For retriving data from iis logs, I have used various eval statements, eventstats, and stats functions. When I am... by guruwells Explorer in Splunk Search 05-31-2016 0 10	0	10
How to extract all fields between a word and two specific characters in a string? I have a text as following: Hello OFF anything blah blah & ^ anything - )< OFF anything blo blo & ^ ble - )< OFF... by royimad Builder in Splunk Search 05-31-2016 0 8	0	8
Using mvexpand to get multiple fields from XML data, why am I getting incorrect values for a field? I am using mvexpand for getting multiple fields from an XML and grouping them. Here is my search: spath output=Mana... by sushmitha_mj Communicator in Splunk Search 05-30-2016 0 12	0	12
Query for different timezones I have imported data with daytime in GMT time zone. I need count events group by on variable interval (day,week or ... by alucaferro Engager in Splunk Search 05-30-2016 0 4	0	4
combinig two search commands I have 2 indexers which are having the same columns Index1: Name DOB Age A 5/1/1990 25 B 7/1/2010 6 Ind... by vjtechie67 New Member in Splunk Search 05-30-2016 0 3	0	3
Splunk searching according to a value of a JSON field Hi Guys, I have a stream of JSONs and I want to search for the JSONs which name field is John. It's just like writi... by Matan1986 Engager in Splunk Search 05-29-2016 1 1	1	1
XenServer error message 'str' object has no attribute 'xenapi' Error message after executing pyton script: getMessage.py out bin directory. Message in the var/log/TA-XS60-Server l... by rstroet6697 New Member in Splunk Search 05-29-2016 0 2	0	2